Healthcare breaches from ransomware nearly doubled last year

Ransomware's involvement in major healthcare hacks has nearly doubled from 2016 to 2017. (Chris Maddaloni)

The number of major IT breaches in the healthcare industry caused by ransomware attacks nearly doubled in 2017, according to a new report from the cyber defense company Cryptonite.

The industry is expected to remain a prime target in 2018.

The report’s findings draw from data breaches affecting 500 or more people and reported to the Health and Human Services Office for Civil Rights as required by federal law. Under the Health Insurance Portability and Accountability Act of 1996, HHS is required to set standards for the security of electronic healthcare. One of those standards required that the department’s secretary post a list of breaches of unsecured protected health information affecting 500 or more people.

According to the report, the six largest breaches in 2017 were all caused by ransomware and over a quarter of all IT events reported to HHS were attributable to malware.

“The risk associated with ransomware moved to the forefront in health care beginning in 2016 where it was identified by many as a rapidly emerging and dangerous attack,” the report read. “Ransomware provides more immediate rewards to cyberattackers by threatening a patient’s access to medical care in exchange for the immediate disbursement of digital funds. The hard evidence of the prominent rise in the use of targeted ransomware attacks against health care institutions in 2017 is substantial.”

The report also found that hackers diversified their targets in 2017 and that, as a result, far fewer health records were compromised. In 2017, about 3.4 million records were reported compromised, compared with 13.4 million a year earlier.

“Health care networks will remain under persistent attack by cyberattackers that target their valuable data through the use of well understood vulnerabilities. It becomes imperative to deploy a comprehensive strategy both to detect and deter the sophisticated attacker moving through the network, as well as the multitudes of ransomware tools that they will deploy into 2018 and 2019,” the report said.